CISA Certified Information Systems Auditor – Question0178

A web organization is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?

A.
Code review by a third party
B. Web application firewall implementation
C. Penetration test results
D. Database application monitoring logs

Correct Answer: C